USN-781-1: Pidgin vulnerabilities

Ubuntu Security Notice USN-781-1

3rd June, 2009

pidgin vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 9.04

Ubuntu 8.10

Ubuntu 8.04 LTS

Software description

pidgin

Details

It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)

It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374)

It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375)

It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)

Update instructions

The problem can be corrected by updating your system to the following
package version: